Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add SSE-C option on native-filesystem security mapping #24566

Merged
merged 1 commit into from
Jan 2, 2025
Merged

Add SSE-C option on native-filesystem security mapping #24566

merged 1 commit into from
Jan 2, 2025
+251 −10

Conversation

anusudarsan
Copy link
Member

Description

Additional context and related issues

Release notes

( ) This is not user-visible or is docs only, and no release notes are required.
( ) Release notes are required. Please propose a release note for me.
( ) Release notes are required, with the following suggested text:

## Section
* Fix some things. ({issue}`issuenumber`)

@anusudarsan anusudarsan requested a review from electrum December 23, 2024 21:08
@cla-bot cla-bot bot added the cla-signed label Dec 23, 2024
@anusudarsan anusudarsan requested a review from ssheikin December 23, 2024 21:09
@github-actions github-actions bot added the docs label Dec 23, 2024
@anusudarsan anusudarsan requested review from marcinsbd and wendigo and removed request for ssheikin December 23, 2024 21:09
@anusudarsan anusudarsan force-pushed the anu/sse-c-native-fs-security-mapping branch from 33d2e81 to be26d6d Compare December 27, 2024 20:00
nineinchnick
nineinchnick reviewed Dec 30, 2024
View reviewed changes
...launcher/src/main/java/io/trino/tests/product/launcher/env/configs/ConfigDynamicCatalog.java Outdated Show resolved Hide resolved
lib/trino-filesystem-s3/src/main/java/io/trino/filesystem/s3/S3SecurityMappingProvider.java Outdated

// selected Customer key must match default or be allowed
if (!selected.equals(mapping.customerKey().orElse(null)) &&
!mapping.allowedCustomerKeys().contains(selected) &&
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We're missing docs that would explain the relationship between customerKey and allowedCustomerKeys. customerKey is optional, but if users only set customerKey without any allowedCustomerKeys, this will always silently fail. Maybe we should throw an exception in this case?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

added a check for sseCustomerKey().isPresent() and allowedSseCustomerKeys().isEmpty()

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks! But we're still missing docs that would describe it. KMS is well documented.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

added! thanks

wendigo
wendigo reviewed Dec 30, 2024
View reviewed changes
Copy link
Contributor

@wendigo wendigo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Skimmed. Overall LGTM % naming and such

@anusudarsan anusudarsan force-pushed the anu/sse-c-native-fs-security-mapping branch 2 times, most recently from d218fbc to a83052b Compare December 30, 2024 17:49
marcinsbd
marcinsbd reviewed Dec 31, 2024
View reviewed changes
Copy link
Contributor

@marcinsbd marcinsbd left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

lib/trino-filesystem-s3/src/main/java/io/trino/filesystem/s3/S3SecurityMapping.java Outdated Show resolved Hide resolved
lib/trino-filesystem-s3/src/main/java/io/trino/filesystem/s3/S3SecurityMapping.java Outdated Show resolved Hide resolved
lib/trino-filesystem-s3/src/main/java/io/trino/filesystem/s3/S3SecurityMappingProvider.java Outdated Show resolved Hide resolved
@wendigo wendigo force-pushed the anu/sse-c-native-fs-security-mapping branch from a83052b to 686d724 Compare December 31, 2024 12:18
wendigo
wendigo approved these changes Dec 31, 2024
View reviewed changes
Copy link
Contributor

@wendigo wendigo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've pushed remaining fixes

@wendigo wendigo force-pushed the anu/sse-c-native-fs-security-mapping branch from 686d724 to d33d19b Compare December 31, 2024 12:48
@wendigo
Copy link
Contributor

wendigo commented Dec 31, 2024

@anusudarsan I think that we can merge it if the docs are fine (or follow up with the docs before the next release)

@anusudarsan anusudarsan force-pushed the anu/sse-c-native-fs-security-mapping branch from d33d19b to 14f0f04 Compare December 31, 2024 16:17
@anusudarsan
Copy link
Member Author

pushed one more doc update

@wendigo wendigo merged commit cdd0a9f into trinodb:master Jan 2, 2025
62 checks passed
@github-actions github-actions bot added this to the 469 milestone Jan 2, 2025
@anusudarsan anusudarsan deleted the anu/sse-c-native-fs-security-mapping branch January 2, 2025 14:01
@mosabua mosabua mentioned this pull request Jan 2, 2025
Open
@mosabua
Copy link
Member

mosabua commented Jan 2, 2025

I assume this needs a release notes entry .. suggestions @anusudarsan and @wendigo ?

@wendigo
Copy link
Contributor

wendigo commented Jan 2, 2025

Add support for SSE-C in S3 security mapping

@mosabua
Copy link
Member

mosabua commented Jan 2, 2025

Added

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@findinpath findinpath findinpath left review comments

@marcinsbd marcinsbd marcinsbd approved these changes

@nineinchnick nineinchnick nineinchnick approved these changes

@wendigo wendigo wendigo approved these changes

@electrum electrum Awaiting requested review from electrum

Assignees
No one assigned
Labels
cla-signed docs
Milestone
469
Development

Successfully merging this pull request may close these issues.
6 participants
@anusudarsan @wendigo @mosabua @nineinchnick @findinpath @marcinsbd